When building REST APIs using Node Express, it is very easy to get confused, as there are so many packages/tools available for different purposes - you do not know which to use and when! In this repository, I tried to consolidate them in this boilerplate repository and use them for example APIs with CRUD operations. I tried to keep this project (or boilerplate) as close to production as possible, but yeah, we know nothing is perfect when it comes to prod deployment, but at least we can give our best. I also believe that I might have missed out something for sure, for which I request you to create an issue if you find one.
Building REST APIs is fun, but what I have observed is that when you think from start to end, meaning right from planning these APIs till the deployment of the APIs (which of course includes security and other important aspects), it becomes more complex and at the same time more fun. So the question is: how do we start?
First we plan. In the planning phase you are looking at the whole product without even building it. Writing the API specification (of course, once you have passed the design phase) could be a good starting point. You design the API specifications so that:
- frontend guys start developing the UI,
- testers start writing the test cases,
- and backend folks start working on developing APIs.
All these processes happen in parallel. This process is called the API first approach. I love this approach since it gives me visibility of the whole product before writing too much code! Once done, you repeat the whole process if needed.
- Planning
  - Swagger to implement OpenAPI specification 3.0.0
  - Approach - API first (swagger)
- Development
  - Framework
    - Nodejs express
    - MVC
    - Typescript
    - Node v14.16.0
  - Debugging (nodemon, ts-node)
  - Storage
    - mongo db
  - Logging (winston)
  - Environment variable (dotenv)
  - Linting (eslint)
  - Security
    - Authentication ?
    - Authorization ?
    - Prevents DOS attack
      - limit body payload
      - express rate limit dependency (express-rate-limit)
    - Prevents XSS attacks
      - Appropriate headers (helmet)
      - Data Sanitization against XSS (xss-clean)
- Testing
- Deployment
  - Bundling (webpack)
  - Use process manager (PM2)
  - Containerization (docker)
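The two "Prevents DOS attack" items in the Security list above (body payload limit and request rate limiting), sketched as dependency-free TypeScript middleware in the Express `(req, res, next)` shape. This is an added example, not code from this repository or from express-rate-limit; the `Req`/`Res` shapes and the names `bodyLimit`, `rateLimit` and `handle` are assumptions made for illustration.

```typescript
// Minimal request/response shapes (assumed) so the sketch needs no packages.
interface Req { ip: string; headers: Record<string, string | undefined>; }
interface Res { statusCode: number; headers: Record<string, string>; body?: string; }
type Next = () => void;
type Middleware = (req: Req, res: Res, next: Next) => void;

// Reject a request whose declared body size exceeds the cap (HTTP 413).
// Content-Length can be absent (chunked uploads), so a real body parser
// must also count bytes as they stream in; this checks only the header.
function bodyLimit(maxBytes: number): Middleware {
  return (req, res, next) => {
    const declared = Number(req.headers["content-length"] ?? "0");
    if (!isFinite(declared) || declared < 0) { res.statusCode = 400; return; }
    if (declared > maxBytes) { res.statusCode = 413; return; }
    next();
  };
}

// Fixed-window limiter: at most `max` requests per client IP per window.
// `now` is injectable so the window can be exercised without waiting.
function rateLimit(windowMs: number, max: number, now: () => number = Date.now): Middleware {
  const hits = new Map<string, { count: number; resetAt: number }>();
  return (req, res, next) => {
    const t = now();
    // Evict expired windows once the table gets large.
    if (hits.size > 10000) hits.forEach((v, k) => { if (t >= v.resetAt) hits.delete(k); });
    let entry = hits.get(req.ip);
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(req.ip, entry);
    }
    entry.count += 1;
    if (entry.count > max) {
      res.statusCode = 429;
      res.headers["Retry-After"] = String(Math.ceil((entry.resetAt - t) / 1000));
      return;
    }
    next();
  };
}

// Run a middleware chain; 200 stands in for the route handler being reached.
function handle(chain: Middleware[], req: Req): Res {
  const res: Res = { statusCode: 200, headers: {} };
  let i = 0;
  const next: Next = () => { const mw = chain[i++]; if (mw) mw(req, res, next); };
  next();
  return res;
}
```

Behind a reverse proxy, key the limiter on the client address only after configuring Express's `trust proxy` setting; otherwise every request appears to come from the proxy's IP and shares one counter.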
Install dependencies
npm i
Development
npm run dev
npm run build:dev
npm run start
Production
npm run build:prod
npm run prod #production
Note: Create production.env for production run
Build docker image
npm run build:prod
docker build -t ts-boilerplate . # build an image
Run container
docker run -p 5000:5000 -d ts-boilerplate
Note: Create production.env for production run